[cabfpub] Mozilla SHA-1 further restrictions

Gervase Markham gerv at mozilla.org
Mon Nov 21 19:12:45 UTC 2016

On 18/11/16 15:27, Rob Stradling wrote:
> RFC6962 precertificates are X.509 certificates, but 6962-bis
> precertificates are CMS signed-data objects.
> See
> https://tools.ietf.org/id/draft-ietf-trans-rfc6962-bis-20.html#rfc.section.3.2
> Does that make them "non-certificate data" ?

Hang on... why would someone be signing one of these using SHA-1? SHA-1
use in the WebPKI is banned.


More information about the Public mailing list